Cyber Intelligence Daily -- May 13, 2026

Classification: TLP:WHITE | OPEN SOURCE | Cycle: 48-Hour Rolling (May 11 09:00 UTC – May 13 09:00 UTC) | Stories: 4

Policymaker Summary Thesis: The 48-hour cycle ending May 13, 2026 is defined by two confirmed exploitation crises and two high-severity vulnerabilities requiring immediate preventive action. A state-sponsored China-nexus cluster (CL-STA-1132)

CVE-2023-27997 - [KEV] - CVSS 9.8

Overview CVE-2023-27997 is a heap-based buffer overflow vulnerability in the SSL-VPN component of Fortinet FortiOS and FortiProxy. The flaw permits an unauthenticated, remote attacker to execute arbitrary code or commands by sending specifically crafted requests to a vulnerable SSL-VPN interface. With a CVSS score of 9.8 and an EPSS

CVE-2024-21762 - [KEV] - CVSS 9.8

Overview CVE-2024-21762 is a critical out-of-bounds write vulnerability in Fortinet FortiOS and FortiProxy that permits a remote, unauthenticated attacker to achieve arbitrary code or command execution through specially crafted HTTP requests targeting the SSL VPN component. The flaw carries a CVSSv3 score of 9.8 and an EPSS score of

CVE-2025-48384 - [KEV] - CVSS 8.0

Overview CVE-2025-48384 is a link-following vulnerability in Git arising from inconsistent handling of carriage return (CR) characters when reading and writing configuration values. Git strips trailing CR characters when reading configuration entries but does not quote or escape them when writing, producing a round-trip inconsistency. An attacker who controls repository

Cyber Intelligence Daily -- May 12, 2026

Policymaker Summary Bottom Line: The dominant operational risk in the May 10–12 window is software supply-chain compromise, not endpoint or perimeter vulnerability. The Mini Shai-Hulud campaign that hit TanStack on May 11 at 19:20 UTC has been confirmed by Aikido and Socket as a multi-ecosystem event spanning npm,

CVE-2022-22536 - [KEV] - CVSS 10.0

Overview CVE-2022-22536 is a critical HTTP request smuggling vulnerability (CVSS 10.0) affecting multiple SAP products, including SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server, and SAP Web Dispatcher. The flaw stems from inconsistent handling of HTTP request boundaries between front-end proxies and

CVE-2025-31324 - [KEV] - CVSS 10.0

Overview CVE-2025-31324 is an unrestricted file upload vulnerability in the SAP NetWeaver Visual Composer Metadata Uploader component. The flaw allows an unauthenticated remote attacker to upload arbitrary executable binaries to the affected server, enabling remote code execution on the underlying NetWeaver Application Server Java instance. The vulnerability carries a maximum

CVE-2026-3502 - [KEV] - CVSS 7.8

Overview CVE-2026-3502 is a download of code without integrity check vulnerability (CWE-494) affecting the TrueConf Client. The application's update mechanism fails to validate the authenticity or integrity of update payloads before execution. An attacker positioned to influence the update delivery path—through network interception, DNS manipulation, compromise of

CVE-2025-24813 - [KEV] - CVSS 9.8

Overview CVE-2025-24813 is a critical path equivalence vulnerability in Apache Tomcat that enables unauthenticated remote attackers to achieve remote code execution, disclose sensitive information, or inject malicious content through a crafted partial PUT request. The flaw stems from inconsistent handling of file paths when Tomcat processes partial PUT uploads, allowing